hi mineo, I just updated the wiki to apply your change. But I am not sure your "ditto"s are good, they should be more exact since there are different solutions from other projects correspondingly in front of your "row". Thanks Weizhong Qiang On Fri, Apr 3, 2009 at 10:36 AM, mineo <mineo@riken.jp> wrote:

Hi PGI-wg team,

Wiki Matrix of "Technical survey in security aspect" is to be revised as follows in case of NAREGI.

Please note that NAREGI has not yet implemented BES, and now we are looking for the best way to support both BES and NAREGI services in our middleware.

----------------------------- Transport layer security: TLS/SSL ->ditto HTTP layer security: Https,Httpg ->ditto SOAP layer security: none ->ditto X.509 Credential: X.509 Proxy ->ditto Capability to consume Proxy: ->Proxy certificate chain verification on client and service side X.509 Credential delegation: ->Pluggable module or library for credential delegation on both client and service side, and Delegation Service (planed) X.509 proxy restriction: ->TBD Capability to enforce restriction: ->TBD, The restriction policy will be enforced on service side Attributes as proxy extension: Attribute Certificates ->ditto Capability to consume AC: AC will be verified, and used for access control on both meta scheduler and service side Attributes embedded in SOAP header: SAML Assertions ->none (not planned) Capability to consume SAML Assertion: ->none (not planned) Authorization policy: GridMap /XACML 2 ->ditto ---------------------------------

Best regards, Mineo

-- Shinichi Mineo RIKEN tel : 048-467-9741 e-mail : mineo@riken.jp

_______________________________________________ Pgi-wg mailing list Pgi-wg@ogf.org http://www.ogf.org/mailman/listinfo/pgi-wg